05-24-2017 01:42 PM - edited 03-12-2019 06:24 AM
This is an odd one. From the sfr conolse i can ping intelligence.sourcefire.com , nslookup works as well also, but when I try telnet i get this;
Failed to connect to intelligence.sourcefire.com port 443: No route to host
When I try this command found in this document, sudo curl -vvk https://intelligence.sourcefire.com I get this;
Cisco Fire Linux OS v6.2.0 (build 42)
Cisco ASA5508 v6.2.0.1 (build 59)
> expert
admin@firepower:~$ sudo curl -vvk https://intelligence.sourcefire.com
Password:
* Rebuilt URL to: https://intelligence.sourcefire.com/
* Trying 198.148.79.58...
* Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
* connect to 198.148.79.58 port 443 failed: No route to host
* Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
* Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
* Failed to connect to intelligence.sourcefire.com port 443: No route to host
* Closing connection 0
curl: (7) Failed to connect to intelligence.sourcefire.com port 443: No route to host
Any idea whats going on would be most appreciated.
Thanks
Solved! Go to Solution.
10-05-2017 12:23 PM
I figured it out. The gateway was incorrect on the SFR module.
05-25-2017 03:24 AM
Is there perhaps WCCP or some sort of a web proxy server in your environment?
05-25-2017 09:57 AM
No WCCP or web proxies in my enviroment. Just an asa 5508 with the SFR module.
05-25-2017 03:51 AM
Hello,
per outputs, it looks to me that device is trying to communicate over IPv6 which will fail, could you re-run test and force curl tool to use only IPv4? Would the results be the same?
Command that will force curl to run only on IPv4 stack:
curl -vvk https://intelligence.sourcefire.com -4
Best regards,
Veronika
05-25-2017 09:56 AM
Same error
* Rebuilt URL to: https://intelligence.sourcefire.com/
* Trying 198.148.79.58...
* connect to 198.148.79.58 port 443 failed: No route to host
* Failed to connect to intelligence.sourcefire.com port 443: No route to host
* Closing connection 0
curl: (7) Failed to connect to intelligence.sourcefire.com port 443: No route to host
05-28-2017 12:19 PM
Still looks like a proxy on the path. Could you perform in one CLI session on FMC packet captures and on other curl query?
First I would just suggest to run following capture test and then make request using Curl:
tcpdump -i eth0 port 443 and host intelligence.sourcefire.com
In case you dont see any output:
tcpdump -i eth0 port 443 and host <IP address of intelligence server taken from nslookup>
If you there is any output please re-run capture and write it to file using additional parameter -w /var/tmp/pcap1.pcap and upload here for our review.
Also please examine /var/log/messages file on FMC to see whether there are any timeouts.
Keep us posted,
Veronika
06-13-2017 02:27 PM
Ok, I have the pcap file, but how do it get it off of the SFR?
10-05-2017 12:23 PM
I figured it out. The gateway was incorrect on the SFR module.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide